
Hacker Reveals Serious Vulnerabilities in McDonald's Systems: What Happened to Customer Data

Illustration: An attacker discovered critical flaws in McDonald's systems: what happened to customer information.

Serious Vulnerabilities Found in McDonald's Digital Infrastructure

Famous security researcher BobDaHacker discovered issues in McDonald's digital infrastructure that may have allowed access to customer data and internal systems. He noted that the company was slow to respond to his reports. This was reported by «Glavcom» citing Tom's Hardware.

According to the statement, it took a full three months to implement a complete account system in the Feel-Good Design Hub service for McDonald's employees. However, the problem remained: by replacing the word «login» with «register» in the URL, one could gain access. Tom's Hardware emphasized that such a slow reaction raises questions about McDonald's seriousness regarding security.

  • The Design Hub registration system had errors with mandatory fields, making it easier to create accounts.
  • Passwords for new users were sent in plain text.
  • McDonald's API keys and secrets were found in the JavaScript code, where they could potentially be used for malicious actions.
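
The registration weaknesses listed above (an account created just by reaching the «register» URL, mandatory fields not enforced, passwords sent in plain text), turned into server-side checks. This is an added example, not code from the article, the researcher or McDonald's; the invite-token scheme, the field names, the in-memory store and the `/set-password` path are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumptions (not from the article): invite-only sign-up, in-memory store.
const INVITE_KEY = crypto.randomBytes(32); // server-side signing key
const REQUIRED = ['email', 'name', 'invite'];
const users = new Map();

const hmac = (data) => crypto.createHmac('sha256', INVITE_KEY).update(data).digest();

// Issue an invitation bound to one e-mail address, with an expiry time.
function issueInvite(email, ttlMs = 3600000, now = Date.now()) {
  const body = Buffer.from(JSON.stringify({ email, exp: now + ttlMs })).toString('hex');
  return `${body}.${hmac(body).toString('hex')}`;
}

// Check the MAC in constant time first, then the bound e-mail and expiry.
function checkInvite(token, email, now = Date.now()) {
  const [body, mac] = String(token).split('.');
  if (!body || !mac) return false;
  const want = hmac(body);
  const got = Buffer.from(mac, 'hex');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return false;
  const claim = JSON.parse(Buffer.from(body, 'hex').toString());
  return claim.email === email && claim.exp > now;
}

// Registration handler; returns a plain object instead of using an HTTP stack.
function register(form) {
  // Mandatory fields are enforced on the server; client checks can be skipped.
  const missing = REQUIRED.filter((f) => typeof form[f] !== 'string' || !form[f].trim());
  if (missing.length) return { status: 400, error: 'missing fields', missing };
  // Reaching /register by editing the URL is not enough without a valid invite.
  if (!checkInvite(form.invite, form.email)) return { status: 403, error: 'invite required' };
  if (users.has(form.email)) return { status: 409, error: 'account exists' };
  // No password is generated or mailed: the user sets one via a single-use link,
  // and only a hash of that link's token is stored.
  const setupToken = crypto.randomBytes(32).toString('hex');
  const setupHash = crypto.createHash('sha256').update(setupToken).digest('hex');
  users.set(form.email, { name: form.name, setupHash, passwordHash: null });
  return { status: 201, mail: { to: form.email, link: `/set-password?t=${setupToken}` } };
}
```

Secrets such as `INVITE_KEY` stay on the server; anything placed in client-side JavaScript should be treated as public.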

Difficult to Report Security Issues

The researcher had to make an effort to get information about the vulnerabilities to the company. Although McDonald's fixed «most of the vulnerabilities», a channel for reporting security issues was never established. Furthermore, the employee who assisted in resolving the issues was fired.

Serious vulnerabilities were found in McDonald's digital infrastructure that allowed access to the company's data and internal systems. While some issues were resolved, the slow reaction and the lack of a security reporting channel raise serious questions about information protection at McDonald's.
